Issue
CMS-specific WAF Rules are unavailable on LiteSpeed servers and ModSecurity 3.
Environment
- Imunify360
- LiteSpeed
- ModSecurity3
Solution
This feature is only available for the Apache 2.4 web server and ModSecurity v2.
Cause
- The reason behind this limitation is that LiteSpeed does not have a fully functional mod_security2 implementation. LiteSpeed's ModSecurity implementation is based on ModSecurity v2, but it does not support all the features available in Apache 2.4 with mod_security2. Consequently, the CMS-specific WAF ruleset feature that relies on a complete mod_security2 implementation is unavailable on LiteSpeed servers.
- Also, the ModSecurity directive SecRuleRemoveByTag does work on ModSecurity v3.0 without causing a web server crash, but it operates differently than in ModSecurity v2 and does not support regular expressions. Attempting to use regular expressions with SecRuleRemoveByTag in ModSecurity v3 will result in a web server crash due to incorrect syntax.
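A pre-migration check for the second point, added here as an example (not Imunify360 or ModSecurity code): it scans configuration text for SecRuleRemoveByTag arguments that contain regex metacharacters, so they can be replaced with literal tags before the config is loaded under ModSecurity v3. The sample config, its tag names, and the set of characters treated as regex syntax are assumptions.

```python
import re

# One SecRuleRemoveByTag directive with a quoted or bare argument. The name is
# matched case-insensitively; lines starting with "#" never match the pattern.
DIRECTIVE = re.compile(
    r'^\s*SecRuleRemoveByTag\s+(?:"([^"]*)"|\'([^\']*)\'|(\S+))',
    re.IGNORECASE,
)

# Assumption: these characters mark an argument as a regular expression.
# A bare "." is not flagged because it can also appear in a literal tag name.
REGEX_META = set('^$*+?()[]{}|\\')

# Constructed sample, not taken from any real rule set.
SAMPLE_CONF = '''\
# constructed sample
SecRuleRemoveByTag "attack-sqli"
SecRuleRemoveByTag "^cms_.*"
  secruleremovebytag platform-(wordpress|joomla)
# SecRuleRemoveByTag "commented.*out"
SecRuleRemoveById 12345
'''


def find_regex_tag_removals(conf_text):
    """Return (line_number, tag) for each SecRuleRemoveByTag whose
    argument contains regex metacharacters."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        # Exactly one of the three capture groups is set for a match.
        tag = next(g for g in m.groups() if g is not None)
        if REGEX_META & set(tag):
            findings.append((lineno, tag))
    return findings


if __name__ == "__main__":
    for lineno, tag in find_regex_tag_removals(SAMPLE_CONF):
        print(f"line {lineno}: regex-style tag {tag!r}")
```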